[dnsdist] documentation for "showDOHFrontends()" output

Remi Gacogne remi.gacogne at powerdns.com
Wed Jun 12 13:25:40 UTC 2019

On 6/12/19 12:05 AM, Christoph wrote:
> We saw 400 Bad Request responses but the counter in the "Bad" column did
> not increase but I'll rerun the tests to make sure this was not caused
> by looking at the IPv4 counter stats while hitting the IPv6 frontend
> or vice versa.

Note that invalid HTTP queries will get a 400 before our DNS code even
get called, so you might indeed get 400 errors without the "Bad" counter

>> The "Errors" counters refers to invalid or rejected DNS queries:
>> - smaller than a minimal DNS header or the QR bit is set, or QDCOUNT is
>> equal to zero (noncompliant-queries in the regular stats should increase
>> accordingly);
>> - blocked by the ACL (acl-drops should increase) ;
>> - query is dropped by a rule (the counter of the corresponding rule
>> should increase) ;
>> - we encountered an error when sending the query to the selected backend
>> (downstream-send-errors should increase, as well the 'sendErrors'
>> counter of the corresponding backend).
> Thanks for writing this down. Are you implying that you currently
> respond with
> 500 Internal Server Error
> in all these "Error" cases? (which would be surprising, at least to me)

Yes, that's indeed the case with our current code and I agree we need to
handle that differently. I just opened [1] which I hope is a step in the
right direction. Comments welcome!

[1]: https://github.com/PowerDNS/pdns/pull/7917

Best regards,
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20190612/bd7aef80/attachment.sig>

More information about the dnsdist mailing list